Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2021/08/03 3:15 p.m.•33 views

Command injection

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application...

9CVSS9.2AI score0.27075EPSS
Exploits10References2
Prion
Prion
•added 2021/07/21 3:16 p.m.•33 views

Design/Logic Flaw

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM...

4CVSS4AI score0.0084EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/07/14 6:15 p.m.•33 views

Privilege escalation

Microsoft Exchange Server Elevation of Privilege Vulnerability...

5.2CVSS8.3AI score0.03265EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/07/09 2:15 p.m.•33 views

Design/Logic Flaw

Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp A valid sessionId is required but can be easily obtained via CVE-2021-30118...

4CVSS7.9AI score0.60084EPSS
Exploits2References3Affected Software1
Prion
Prion
•added 2021/07/09 11:15 a.m.•33 views

Design/Logic Flaw

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from th...

7.2CVSS7.7AI score0.00693EPSS
Exploits0References7Affected Software7
Prion
Prion
•added 2021/07/07 12:15 p.m.•33 views

Heap overflow

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...

4.6CVSS7.8AI score0.78684EPSS
Exploits21References9Affected Software1
Prion
Prion
•added 2021/06/22 6:15 p.m.•33 views

Authorization

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier th...

7.5CVSS9.4AI score0.01406EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/06/16 8:15 a.m.•33 views

Deserialization of untrusted data

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...

6.8CVSS9.1AI score0.04612EPSS
Exploits0References4Affected Software3
Prion
Prion
•added 2021/06/07 8:15 p.m.•33 views

Design/Logic Flaw

Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

6.8CVSS8.8AI score0.01102EPSS
Exploits1References5Affected Software2
Prion
Prion
•added 2021/06/04 2:15 a.m.•33 views

Out-of-bounds

The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e "bpf: Fix...

7.2CVSS8.1AI score0.27477EPSS
Exploits8References7Affected Software2
Prion
Prion
•added 2021/05/25 10:15 p.m.•33 views

Design/Logic Flaw

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

7.5CVSS8.5AI score0.02898EPSS
Exploits1References7Affected Software4
Prion
Prion
•added 2021/05/21 5:15 p.m.•33 views

Design/Logic Flaw

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.5CVSS9.1AI score0.02319EPSS
Exploits0References7Affected Software5
Prion
Prion
•added 2021/05/14 12:15 p.m.•33 views

Cross site scripting

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting XSS issues via the galleryid, tag, albumid and id GET parameters passed to the bwgfrontenddata AJAX action available to both unauthenticated and authenticat...

4.3CVSS6AI score0.1445EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2021/04/27 6:15 a.m.•33 views

Design/Logic Flaw

DISPUTED Unbound before 1.9.5 allows an assertion failure and denial of service in dnamepktcopy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

5CVSS8.3AI score0.02128EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2021/04/22 10:15 p.m.•33 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

4CVSS4AI score0.00913EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/04/22 10:15 p.m.•33 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS5.1AI score0.01319EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/04/22 10:15 p.m.•33 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4CVSS4.8AI score0.02043EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2021/04/22 9:15 p.m.•33 views

Design/Logic Flaw

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions, Nucleus ReadyStart V3 All versio...

5.8CVSS6.4AI score0.03572EPSS
Exploits0References3Affected Software3
Prion
Prion
•added 2021/04/19 10:15 p.m.•33 views

Design/Logic Flaw

An out-of-bounds OOB memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The...

5.6CVSS6.7AI score0.00366EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2021/04/14 2:15 p.m.•33 views

Integer overflow

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...

4.3CVSS6.2AI score0.0156EPSS
Exploits1References5Affected Software3
Prion
Prion
•added 2021/04/13 9:15 p.m.•33 views

Hardcoded credentials

Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled...

7.5CVSS9.3AI score0.00987EPSS
Exploits0References2Affected Software10
Prion
Prion
•added 2021/04/09 10:15 p.m.•33 views

Design/Logic Flaw

Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.8AI score0.0121EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2021/04/08 4:15 a.m.•33 views

Input validation

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the...

10CVSS9.6AI score0.03023EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2021/03/31 6:15 p.m.•33 views

Arbitrary file deletion

Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...

8.5CVSS6.8AI score0.68557EPSS
Exploits9References2Affected Software3
Prion
Prion
•added 2021/03/26 10:15 p.m.•33 views

Design/Logic Flaw

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...

4.7CVSS5.7AI score0.00272EPSS
Exploits0References2Affected Software2
Prion
Prion
•added 2021/03/23 9:15 p.m.•33 views

Out-of-bounds

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resultin...

4.6CVSS5.7AI score0.00638EPSS
Exploits1References5Affected Software4
Prion
Prion
•added 2021/03/23 5:15 p.m.•33 views

Input validation

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword...

5CVSS7.1AI score0.02707EPSS
Exploits0References5Affected Software6
Prion
Prion
•added 2021/03/23 5:15 p.m.•33 views

Design/Logic Flaw

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

2.1CVSS5.9AI score0.00496EPSS
Exploits0References8Affected Software7
Prion
Prion
•added 2021/03/18 5:15 p.m.•33 views

Denial of service

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability...

7.1CVSS7.1AI score0.03235EPSS
Exploits0References8Affected Software10
Prion
Prion
•added 2021/03/16 3:15 p.m.•33 views

Design/Logic Flaw

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.9AI score0.0987EPSS
Exploits1References5Affected Software3
Prion
Prion
•added 2021/03/16 3:15 p.m.•33 views

Heap overflow

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.6AI score0.01475EPSS
Exploits1References5Affected Software3
Prion
Prion
•added 2021/03/09 6:15 p.m.•33 views

Design/Logic Flaw

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls devmapinitmap or sockmapalloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from thi...

4.6CVSS7.6AI score0.00321EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2021/03/05 6:15 a.m.•33 views

Design/Logic Flaw

The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a...

5CVSS5.5AI score0.03687EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/02/24 5:15 p.m.•33 views

Server side request forgery (ssrf)

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

5CVSS5.2AI score0.88012EPSS
Exploits8References1Affected Software2
Prion
Prion
•added 2021/02/17 2:15 a.m.•33 views

Design/Logic Flaw

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then...

1.9CVSS5.8AI score0.00346EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2021/02/15 11:15 a.m.•33 views

Design/Logic Flaw

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions...

5CVSS6.2AI score0.07336EPSS
Exploits1References14Affected Software19
Prion
Prion
•added 2021/02/11 9:15 p.m.•33 views

Command injection

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...

6.5CVSS7.3AI score0.02074EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/02/10 8:15 p.m.•33 views

Cross site request forgery (csrf)

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...

5CVSS7.3AI score0.03023EPSS
Exploits1References4Affected Software2
Prion
Prion
•added 2021/01/27 7:15 p.m.•33 views

Design/Logic Flaw

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error...

5CVSS7.5AI score0.11239EPSS
Exploits0References21Affected Software7
Prion
Prion
•added 2021/01/20 3:15 p.m.•33 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

6.8CVSS4.8AI score0.02295EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2021/01/20 3:15 p.m.•33 views

Design/Logic Flaw

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Elastic Search. Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.8CVSS8.2AI score0.01585EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/01/20 3:15 p.m.•33 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

6.3CVSS4.3AI score0.01714EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2021/01/11 10:15 p.m.•33 views

Out-of-bounds

In avrcparsvendorcmd of avrcparstg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...

10CVSS9.2AI score0.03057EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/01/05 12:15 p.m.•33 views

Design/Logic Flaw

A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...

5CVSS7.2AI score0.97856EPSS
Exploits14References16Affected Software1
Prion
Prion
•added 2020/12/18 1:15 a.m.•33 views

Design/Logic Flaw

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

6.8CVSS8.1AI score0.0714EPSS
Exploits1References26Affected Software20
Prion
Prion
•added 2020/12/15 5:15 p.m.•33 views

Design/Logic Flaw

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further increase their privileges to...

7.2CVSS6.4AI score0.00506EPSS
Exploits1References4Affected Software3
Prion
Prion
•added 2020/12/11 2:15 p.m.•33 views

Design/Logic Flaw

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...

4.3CVSS5.7AI score0.25076EPSS
Exploits0References8Affected Software1
Prion
Prion
•added 2020/11/20 8:15 p.m.•33 views

Privilege escalation

VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate thei...

7.2CVSS7.8AI score0.00392EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2020/11/10 5:15 a.m.•33 views

Code injection

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu and potentially derivatives this could be be chained with an additional issue that could allow a local user to create a new privileged...

4.6CVSS6.4AI score0.01109EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2020/10/23 1:15 p.m.•33 views

Privilege escalation

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub...

4.4CVSS7.1AI score0.043EPSS
Exploits1References140Affected Software16
Total number of security vulnerabilities5000